Palo Alto firewalls expose a small amount of data by SNMP, but comprehensive monitoring also requires the Palo Alto API. Therefore, ensure that SNMP is enabled and configured correctly on your device, and set your Palo Alto API key as a device property in LogicMonitor.
To get your API key and set it as a device property:
curl -k -X GET 'https://<firewall>/api/?type=keygen&user=<username>&password=<password>'
curl -k -X POST 'https://<firewall>/api/?type=keygen&user=<username>&password=<password>'
Note: Replace <firewall>, <username>, and <password> in the above URL with the appropriate values. Any special characters in the password must be URL encoded (your browser will most likely do this for you).
Note: Ensure this property is set on all Palo Alto devices, including the Panorama management server. It is easiest to set this property at the root level of your LogicMonitor account; this allows the DataSources to connect via the API. For more information on setting properties, see Resource and Instance Properties.
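An added example (not LogicMonitor or Palo Alto code) of the key request above: it percent-encodes the credentials itself, sends them in the POST body instead of the URL, and prints the key only when the response reports success. The function names and the keygen response shape noted in the comments are assumptions.

```shell
#!/bin/sh
# Added example, not LogicMonitor's or Palo Alto's code. Function names are hypothetical.

# Percent-encode every byte except RFC 3986 unreserved characters (A-Z a-z 0-9 - . _ ~).
urlencode() {
  printf '%s' "$1" | od -An -v -tx1 | tr -s ' ' '\n' | while IFS= read -r hex; do
    case $hex in
      '') ;;                                    # blank lines left by od padding
      2d|2e|5f|7e|3[0-9]|4[1-9a-f]|5[0-9a]|6[1-9a-f]|7[0-9a])
        printf "\\$(printf '%o' "0x$hex")" ;;   # unreserved: emit the byte itself
      *) printf '%%%s' "$hex" | tr 'a-f' 'A-F' ;;
    esac
  done
}

# Form body for the keygen request: user=<encoded>&password=<encoded>
build_keygen_body() {
  printf 'user=%s&password=%s' "$(urlencode "$1")" "$(urlencode "$2")"
}

# Read a keygen response on stdin; print the key only if status is "success".
# Assumed response shape:
#   <response status='success'><result><key>...</key></result></response>
extract_key() {
  resp=$(tr -d '\r\n')
  printf '%s\n' "$resp" |
    grep -Eq "<response[[:space:]]+status[[:space:]]*=[[:space:]]*[\"']success[\"']" || return 1
  key=$(printf '%s\n' "$resp" | sed -n 's:.*<key>\([^<]*\)</key>.*:\1:p')
  [ -n "$key" ] && printf '%s\n' "$key"
}

# get_api_key <firewall> <username> <password>
# The credentials travel in the POST body read from stdin (--data @-), so they
# never appear in the URL or in curl's argument list. No -k here: certificate
# validation stays on; add --cacert <file> for a privately issued certificate.
get_api_key() {
  build_keygen_body "$2" "$3" |
    curl -sS --data @- "https://$1/api/?type=keygen" | extract_key
}
```

A non-zero exit status from `get_api_key` means the firewall did not return a key, so nothing should be stored as the device property.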
In some cases, Palo Alto Firewalls allow SNMP requests from a Collector to a device, but block the response from the device back to the Collector. This is evidenced by a discard session on the firewall for the response packet (that is, discard UDP from device:snmp port -> collector:highport). This discard session would then block ALL subsequent SNMP responses from the device back to the Collector that are using the same port on the Collector, until a Collector restart or other event allows the discard session to expire (after no traffic for 30-60 seconds). This could potentially result in SNMP data collection issues where traffic from a Collector to its monitored devices flows across a Palo Alto Firewall.